WordPress Plugin Vulnerabilities

ACF Better Search <= 3.3.0 - Cross-Site Request Forgery (CSRF)

Description

The ACF: Better Search WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
acf-better-search
Fixed in 3.3.1

References

CVE
CVE-2019-14682
URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2113254%40acf-better-search&old=2107283%40acf-better-search

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
fc4b3f21-704e-4184-a4fe-523138a1066a

Timeline

Publicly Published
2019-06-27 (about 6 years ago)
Added
2019-06-27 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2020-09-16
Title
Custom Field Template < 2.5.2 - Cross-Site Request Forgery
Published
2025-08-20
Title
NEX-Forms < 9.1.4 - Cross-Site Request Forgery
Published
2021-03-25
Title
Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion
Published
2025-04-09
Title
Social Crowd <= 0.9.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2015-04-02
Title
WordPress Video Gallery <= 2.8 - Multiple Cross-Site Request Forgery (CSRF)